CVE-2024-56531

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, specifically in the ALSA: caiaq section. The issue occurred during USB disconnection, where the current code used snd card free() at disconnection, causing a potential soft lockup due to waiting for the close of all used file descriptors. The USB disconnect callback is supposed to be short and not too-long waiting, but the use of snd card free() could take long and block upper layer USB ioctls. An easy workaround is to replace snd card free() with snd card free when closed(), which returns immediately while the release of resources is done asynchronously by the card device release at the last close.

Recommendations As a temporary workaround, consider replacing snd card free() with snd card free when closed() to prevent soft lockups during USB disconnection. Apply the patch that splits the code to the disconnect and the free phases, allowing the former to be called immediately at the USB disconnect callback while the latter is called from the card destructor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.